@rajinisivaram I added functionality to prevent changing the principal or the SASL mechanism during re-authentication and added tests for both cases. I defined a 1-second minimum before you can re-authenticate a second time (see comment above) to prevent the rogue/buggy client from re-authenticating over and over again (the connection will be closed if the 1-second timeframe is violated, and then there will be the new DDoS delay as well, so I think this covers it). I will address client interoperability with system tests (I assume it will be easier as you stated, though I am unfamiliar with the system test suite at the moment). Assuming everything looks good, any chance of this being merged and included in 2.1.0 even though it is the morning after?
[ Full content available at: https://github.com/apache/kafka/pull/5582 ] This message was relayed via gitbox.apache.org for [email protected]
